Open menu
-->

Cloud Conformity User Signed In From Non-Approved Country

Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!

Start a Free Trial Product features
Security

Risk level: Medium (should be achieved)

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected a Cloud Conformity user authentication session initiated from a non-authorized country.

This rule resolution is part of the Cloud Conformity Security Package

An approved country is a well-known region from where the access to your Cloud Conformity account is eligible. A non-approved country is the reverse of an authorized country, from where all Cloud Conformity user authentication requests are evaluated as suspicious or unrecognised.

Cloud Conformity recommends to restrict access to your account from a country where your business is not operating or is known as an abundant source of hacking and cyber attacks.

In order to enable RTMA detection for this conformity rule, you must define the list of approved countries within the rule settings using the Cloud Conformity dashboard. Once the rule is configured and all approved countries are specified, the rule detection becomes active and you will be notified by the RTMA agent for any Cloud Conformity login sessions initiated from a non-approved country.

Important Note:
To adhere to security best practices and benefit from the RTMA detection used by this rule, you need to define first the list of approved countries within the rule settings available on Cloud Conformity dashboard.

Rationale

Monitoring the access to your Cloud Conformity account in real-time is crucial for keeping your account secure. With the Cloud Conformity RTMA logon detection which filters authentication requests made from non-authorized countries you will gain real-time visibility into your account login activity and help you respond fast to any unauthorized access session that represents a threat to your AWS infrastructure.

If the email account used to register with Cloud Conformity gets compromised by a malicious user from a blacklisted (non-authorized) country, the user can gain access to the configuration information (metadata) associated with your Amazon Web Services infrastructure. The attacker cannot obtain direct access to your AWS resources but he/she can gather useful information about your AWS environment and use it to plan elaborate attacks such as phishing attacks, scamming or social engineering attacks on any of the AWS account(s) linked to your Cloud Conformity identity. Other risks involved could be: changing the rule settings, adding his region to the list of approved countries or even disabling the real time monitoring (RTMA) feature.

We highly recommend using Real-Time Threat Monitoring and Analysis (RTMA) for intrusion detection in order to implement geo access restriction for your Cloud Conformity account.

References

Publication date May 24, 2017